crowdsecurity · mmetc · Apr 11, 2023 · Apr 7, 2023 · Apr 7, 2023 · Apr 8, 2023
diff --git a/config/helper.sh b/config/helper.sh
diff --git a/debian/control b/debian/control
@@ -8,10 +8,14 @@ Description: Firewall bouncer for Crowdsec (iptables+ipset)
 Depends: iptables, ipset, gettext-base
 Replaces: crowdsec-firewall-bouncer
 Conflicts: crowdsec-firewall-bouncer-nftables
+Section: admin
+Priority: optional
 
 Package: crowdsec-firewall-bouncer-nftables
 Architecture: any
 Description: Firewall bouncer for Crowdsec (nftables)
 Depends: nftables, gettext-base
 Replaces: crowdsec-firewall-bouncer
 Conflicts: crowdsec-firewall-bouncer-iptables
+Section: admin
+Priority: optional
diff --git a/debian/crowdsec-firewall-bouncer-iptables.postinst b/debian/crowdsec-firewall-bouncer-iptables.postinst
@@ -3,23 +3,23 @@
 systemctl daemon-reload
 
 BOUNCER="crowdsec-firewall-bouncer"
-CONFIG="/etc/crowdsec/bouncers/$BOUNCER.yaml"
-SERVICE="$BOUNCER.service"
+BOUNCER_PREFIX="FirewallBouncer"
 
-helper="/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/helper.sh"
+#shellcheck source=./scripts/_bouncer.sh
+. "/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/_bouncer.sh"
 START=1
 
 if [ "$1" = "configure" ]; then
-    if $helper need-api-key "$CONFIG"; then
-        if ! $helper set-api-key "$CONFIG" "FirewallBouncer"; then
+    if need_api_key; then
+        if ! set_api_key; then
             START=0
         fi
     fi
 fi
 
 systemctl --quiet is-enabled "$SERVICE" || systemctl unmask "$SERVICE" && systemctl enable "$SERVICE"
 
-$helper set-local-port "$CONFIG"
+set_local_port
 
 if [ "$START" -eq 0 ]; then
     echo "no api key was generated, you can generate one on your LAPI server by running 'cscli bouncers add <bouncer_name>' and add it to '$CONFIG'" >&2

diff --git a/debian/crowdsec-firewall-bouncer-iptables.postrm b/debian/crowdsec-firewall-bouncer-iptables.postrm
diff --git a/debian/crowdsec-firewall-bouncer-iptables.prerm b/debian/crowdsec-firewall-bouncer-iptables.prerm
@@ -1,4 +1,15 @@
 #!/bin/sh
 
-systemctl stop crowdsec-firewall-bouncer || echo "cannot stop service"
-systemctl disable crowdsec-firewall-bouncer || echo "cannot disable service"
+set -eu
+
+BOUNCER="crowdsec-firewall-bouncer"
+
+#shellcheck source=./scripts/_bouncer.sh
+. "/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/_bouncer.sh"
+
+systemctl stop "$SERVICE" || echo "cannot stop service"
+systemctl disable "$SERVICE" || echo "cannot disable service"
+
+if [ "$1" = "purge" ]; then
+    delete_bouncer
+fi
diff --git a/debian/crowdsec-firewall-bouncer-nftables.postinst b/debian/crowdsec-firewall-bouncer-nftables.postinst
@@ -3,23 +3,23 @@
 systemctl daemon-reload
 
 BOUNCER="crowdsec-firewall-bouncer"
-CONFIG="/etc/crowdsec/bouncers/$BOUNCER.yaml"
-SERVICE="$BOUNCER.service"
+BOUNCER_PREFIX="FirewallBouncer"
 
-helper="/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/helper.sh"
+#shellcheck source=./scripts/_bouncer.sh
+. "/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/_bouncer.sh"
 START=1
 
 if [ "$1" = "configure" ]; then
-    if $helper need-api-key "$CONFIG"; then
-        if ! $helper set-api-key "$CONFIG" "FirewallBouncer"; then
+    if need_api_key; then
+        if ! set_api_key; then
             START=0
         fi
     fi
 fi
 
 systemctl --quiet is-enabled "$SERVICE" || systemctl unmask "$SERVICE" && systemctl enable "$SERVICE"
 
-$helper set-local-port "$CONFIG"
+set_local_port
 
 if [ "$START" -eq 0 ]; then
     echo "no api key was generated, you can generate one on your LAPI server by running 'cscli bouncers add <bouncer_name>' and add it to '$CONFIG'" >&2

diff --git a/debian/crowdsec-firewall-bouncer-nftables.postrm b/debian/crowdsec-firewall-bouncer-nftables.postrm
diff --git a/debian/crowdsec-firewall-bouncer-nftables.prerm b/debian/crowdsec-firewall-bouncer-nftables.prerm
@@ -1,4 +1,15 @@
 #!/bin/sh
 
-systemctl stop crowdsec-firewall-bouncer || echo "cannot stop service"
-systemctl disable crowdsec-firewall-bouncer || echo "cannot disable service"
+set -eu
+
+BOUNCER="crowdsec-firewall-bouncer"
+
+#shellcheck source=./scripts/_bouncer.sh
+. "/usr/lib/$DPKG_MAINTSCRIPT_PACKAGE/_bouncer.sh"
+
+systemctl stop "$SERVICE" || echo "cannot stop service"
+systemctl disable "$SERVICE" || echo "cannot disable service"
+
+if [ "$1" = "purge" ]; then
+    delete_bouncer
+fi
diff --git a/debian/rules b/debian/rules
@@ -18,7 +18,7 @@ override_dh_auto_install:
 	for BACKEND in iptables nftables; do \
 		PKG="$$BOUNCER-$$BACKEND"; \
 		install -D -m 0755 $$BOUNCER -t "debian/$$PKG/usr/bin/"; \
-		install -D -m 0700 config/helper.sh -t "debian/$$PKG/usr/lib/$$PKG/"; \
+		install -D -m 0600 scripts/_bouncer.sh -t "debian/$$PKG/usr/lib/$$PKG/"; \
 		BACKEND=$$BACKEND envsubst '$$BACKEND' < config/$$BOUNCER.yaml | install -D -m 0600 /dev/stdin "debian/$$PKG/etc/crowdsec/bouncers/$$BOUNCER.yaml"; \
 		BIN="/usr/bin/$$BOUNCER" CFG="/etc/crowdsec/bouncers" envsubst '$$BIN $$CFG' < "config/$$BOUNCER.service" | install -D -m 0644 /dev/stdin "debian/$$PKG/etc/systemd/system/$$BOUNCER.service"; \
 	done